Summary

The WAVE Media Server uses a self-signed SSL certificate. In some situations it might be necessary to replace this certificate. This article details how to replace the certificate.

Modify the SSL Certificate

To modify the SSL certificate: 

1. Obtain the .pem certificate file. 
   
   

   NOTE: It is the responsibility of the user to obtain 
   their own .pem/crt (SSL Certificate).
   

2. Stop the Media Server. 
   
   
3. Go to the C:\Windows\System32\config\systemprofile\AppData\Local\Hanwha\WAVE Media Server\ssl directory.
   
   
4. Remove the existing pem* file.
   
   
5. Insert the certificate received from Step 1 into the ssl directory.
   
   
6. Change the file name to cert.pem.
   
   
7. Start the server.

NOTE: In Ubuntu, the only difference is the path to 
cert.pem file: /opt/Hanwha/mediaserver/var/ssl.

Ubuntu Linux System

To modify the certificate in Ubuntu Linux:

1. Prepare your own cert.pem file, which includes the private key, your cert, the CA chain. 
   
   
2. Copy this to a USB drive.
   
   
3. Open the media server config utility.
   
   
4. Right click on the Home icon.
   
   
5. Navigate to System Administration > Routing.
   
   
6. Add the URL to use, such as the following:  https://yourURL.com:7001. This should be the same name as in your purchased certificate.
   
   
7. Open a terminal window on the device by clicking the Command Prompt icon.
   
   
8. Type sudo -s <enter> to stop the media server.
   
   
9. Enter the password of the account.
   
   
10. Enter sudo systemctl stop hanwha-mediaserver.service, then click Enter.
    
    
11. Enter nautilus and click Enter. The Nautilus file explorer opens in admin mode.
    
    

    NOTE: The terminal window may close. 

12. Navigate to the OPT\Hanwha\MediaServer\var\SSL folder. 
    
    
13. Delete the default certificate cert.pem by right clicking it and sending to trash.
    
    
14. Navigate to your USB drive, right click the purchased cert.pem file that you prepared and click Copy.
    
    
15. Navigate to the cert directory \OPT\Hanwha\MediaServer\var\ssl\ and paste the new cert into the folder.
    
    
16. Restart the device. 
    
    
17. From another machine on the network, try to go to https://yourURL.com:7001.
    
    
18. Make sure to add the URL and internal appliance IP to your test computer  host file or create a static A record for it in internal DNS.
    
    
19. Add a public DNS A record of the name and the appliance public IP.   

NOTE: If the media server does not detect a valid cert in the 
SSL folder when it starts, it automatically generates a new 
Hanwha cert and drops it in the overwriting. That can indicate 
there is a problem with the .pem file.